Posted to issues@spark.apache.org by "Łukasz Żukowski (Jira)" <ji...@apache.org> on 2020/07/28 05:48:00 UTC

[jira] [Commented] (SPARK-28004) Update jquery to 3.4.1

    [ https://issues.apache.org/jira/browse/SPARK-28004?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17166162#comment-17166162 ] 

Łukasz Żukowski commented on SPARK-28004:
-----------------------------------------

Hi

Is it possible to backport this to 2.4.x?

This is a security upgrade, so I think it should be fixed in the stable version.

Regards

 

> Update jquery to 3.4.1
> ----------------------
>
>                 Key: SPARK-28004
>                 URL: https://issues.apache.org/jira/browse/SPARK-28004
>             Project: Spark
>          Issue Type: Improvement
>          Components: Web UI
>    Affects Versions: 3.0.0
>            Reporter: Sean R. Owen
>            Assignee: Sean R. Owen
>            Priority: Major
>             Fix For: 3.0.0
>
>
> We're using an old-ish jQuery, 1.12.4, and should probably update for Spark 3 to keep up in general, but also to keep up with CVEs. In fact, we know of at least one resolved in only 3.4.0+ (https://nvd.nist.gov/vuln/detail/CVE-2019-11358). They may not affect Spark, but, if the update isn't painful, maybe worthwhile in order to make future 3.x updates easier.
> jQuery 1 -> 2 doesn't sound like a breaking change, as 2.0 is supposed to maintain compatibility with 1.9+ (https://blog.jquery.com/2013/04/18/jquery-2-0-released/)
> 2 -> 3 has breaking changes: https://jquery.com/upgrade-guide/3.0/. It's hard to evaluate each one, but the most likely area for problems is in ajax(). However, our usage of jQuery (and plugins) is pretty simple. 
> I've tried updating and testing the UI, and can't see any warnings, errors, or problematic functionality. This includes the Spark UI, master UI, worker UI, and docs (well, I wasn't able to build R docs)


